Kazaa Altnet Download Manager - ActiveX Control Buffer Overflow (Metasploit)

CVE编号

CVE-2007-5217

利用情况

暂无

补丁情况

N/A

披露时间

2007-10-05

漏洞描述

Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://osvdb.org/37785
http://osvdb.org/38435
http://secunia.com/advisories/26970
http://secunia.com/advisories/26972
http://www.securityfocus.com/bid/25903
http://www.vupen.com/english/advisories/2007/3335
http://www.vupen.com/english/advisories/2007/3336
https://exchange.xforce.ibmcloud.com/vulnerabilities/36929

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	应用	altnet	altnet_download_manager	4.0.0.6	-
	运行在以下环境
	应用	grokster	grokster	2.6	-
	运行在以下环境
	应用	kazaa	kazaa_media_desktop	3.2.7	-

CVSS3评分 6.8

• 攻击路径 网络
• 攻击复杂度 N/A
• 权限要求 无
• 影响范围 N/A
• 用户交互 无
• 可用性 部分地
• 保密性 部分地
• 完整性 部分地

AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-ID	漏洞类型
CWE-119	内存缓冲区边界内操作的限制不恰当

Exp相关链接

• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/kazaa_altnet_heap.rb
• https://www.exploit-db.com/exploits/16496

- avd.aliyun.com